Infected - Smart Fortress 2012



Halton
2012-04-29, 18:15


Hello......please help with possible multiple infection.

I was browsing through some Google results when Avast started firing multiple warnings (bad urls / files)

I shut down the computer and restarted.....at which point Smart Fortress 2012 was installed and started scanning.

It also disabled my internet (WIND Mobile)

I restarted in safe mode......couldn't update Malwarebytes but scanned anyways.....found this:

Files Detected: 1 ...... C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\temp\ms0cfg32.exe (Exploit.Drop.CFG)

Then ran Avast scan......see attached screen capture.

It appears that Spybot may have been removed but not sure....Safe Mode prevents me from seeing full screen.

Not sure how to proceed with required scans.

Everything will need to be done via an 8GB SD card jump drive as I am now posting from another computer.

Please help as I am dead in the water with this one.......Best Regards



oldman960
2012-04-29, 18:53
Hi Halton, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


Let's see if we can get you back on the internet. This tool will not restore your connection but should show us the problem.

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), transfer it to the affected computer.
double click the file to run it
make sure Internet Service is checked (RpcSs and PlugPlay should be checked by default and greyed out)
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Halton
2012-04-29, 19:52


Hello......Thanks for the quick reply.....

Here is the Farbar log as requested......

-----------------------------------------------------------------------

Farbar Service Scanner Version: 24-04-2012
Ran by Gooderham (administrator) on 29-04-2012 at 13:46:41
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(1) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(9) NwlnkNb(10) Tcpip(3) Tcpip6(2)
0x09000000040000000300000001000000050000000600000008000000090000000A00000002000000
IpSec Tag value is correct.

**** End of log ****



oldman960
2012-04-29, 20:23
Hi Halton,

Everything looks in order so the problem lies elsewhere.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your jumpdrive.

Create this text file and save it to the jumpdrive as well. Copy and paste all the text in the codebox into a notepad. Save it as scan.txt


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
ipsec.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop

Transfer OTL to the infected computer's desktop.


Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your jumpdrive
Select scan.txt and click Open. Writing will now appear under the Custom Scan box

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
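The custom scan above produces a long text log in a fixed line format: a section tag such as O4 or O10, the entry body, and a trailing company field that OTL prints as "()" when the file carries no version information, with "File not found" appended when the path does not exist. The following is an added example, not OTL's own code and not posted by anyone in this thread, of a first triage pass over such a log: it parses the lines and flags the entries a helper would look at first. The sample lines are constructed from the OTL log Halton posts later in this thread, and the flagging rules (which sections count as load points, which directories count as data directories, the 32-hex-character name pattern) are assumed heuristics, not OTL's.

```python
"""Triage pass over OTL log lines.

Added example for this thread; it is not OTL's own code and not something
posted by either participant. The "suspicious" rules are assumptions about
what a malware-removal helper looks at first, not OTL's scoring.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six lines copied from the OTL log posted in this thread.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
O4 - HKLM..\\Run: [avast] C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe (AVAST Software)
O4 - HKCU..\\RunOnce: [529C50A800717D320000205BD151FC84] C:\\Documents and Settings\\All Users\\Application Data\\529C50A800717D320000205BD151FC84\\529C50A800717D320000205BD151FC84.exe ()
O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000004 [] - C:\\WINDOWS\\system32\\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\\Catalog_Entries\\000000000001 - %SystemRoot%\\System32\\nwprovau.dll File not found
O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\\WINDOWS\\System32\\ZWebAuth.dll ()
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# OTL ends most entries with the binary's company field: "(Vendor)" when the
# file has version info, "()" when it has none.
COMPANY_RE = re.compile(r" \(([^()]*)\)$")
# Folder and file both named with 32 hex characters.
HEX32_RE = re.compile(r"\\[0-9A-F]{32}\\[0-9A-F]{32}\.exe\b", re.IGNORECASE)

# Assumed heuristics (not OTL's): sections that are load points worth
# checking, and directories from which a legitimate autostart rarely runs.
LOAD_POINTS = {"O4", "O20", "O28", "O29"}
DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    section: str            # OTL section tag, e.g. "O4"
    text: str               # body without the trailing company field
    company: Optional[str]  # None: no field at all; "": OTL printed "()"
    missing: bool           # OTL appended "File not found"


def parse_entry(line: str) -> Optional[Entry]:
    """Split one OTL line into its section, body and company field."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    section, body = m.groups()
    company = None
    cm = COMPANY_RE.search(body)
    if cm:
        company = cm.group(1)
        body = body[: cm.start()]
    return Entry(section, body, company, "File not found" in body)


def reasons_for(e: Entry) -> List[str]:
    """Apply the assumed heuristics; an empty list means nothing to flag."""
    reasons = []
    lowered = e.text.lower()
    if e.section == "O10" and e.missing:
        reasons.append("Winsock catalog entry points at a missing DLL; a dangling LSP can break networking for every application")
    if e.section in LOAD_POINTS and e.company == "":
        reasons.append("load-point binary has no company/version info; verify its hash before trusting it")
    if e.section == "O4" and any(d in lowered for d in DATA_DIRS):
        reasons.append("autostart runs from a data or temp directory")
    if HEX32_RE.search(e.text):
        reasons.append("random-looking 32-hex-character folder and file name")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, body, reasons) for every flagged line, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry.section, entry.text.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for r in reasons:
            print(f"    - {r}")
```

A flag is a reason to verify, not a verdict: an entry with an empty company field, such as the SecurityProviders DLL, may simply be an unsigned third-party component, so the output is a worklist for hash checks and vendor lookups rather than a removal list. Run over the sample it flags three of the six lines (the hex-named RunOnce entry, the dangling Winsock entry and the SecurityProviders DLL) and leaves the avast, NameSpace and UserInit lines alone.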

Halton
2012-04-29, 23:33



Hello.......here are the results from the OTL scan (in Safe Mode)

----------------------------------------------------------------------

OTL logfile created on: 29/04/2012 5:18:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 84.32% Memory free
4.83 Gb Paging File | 4.73 Gb Available in Paging File | 97.90% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 5.75 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive E: | 7.19 Gb Total Space | 7.19 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (HWDeviceService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe ()
SRV - (BackupService) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- system32\DRIVERS\swumx20.sys File not found
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- system32\DRIVERS\SWNC5E00.sys File not found
DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- system32\DRIVERS\swmx00.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{995F004B-3A93-445F-9A34-4E2521724E49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 17:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/20 11:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/20 11:37:35 | 000,000,000 | ---D | M]

[2011/02/16 01:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
[2009/08/09 20:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/27 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
[2012/01/09 08:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/24 13:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/03/28 12:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
[2011/02/16 01:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 11:37:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/29 15:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/04/20 11:37:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 11:37:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/29 20:00:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\WIND\WIND.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [529C50A800717D320000205BD151FC84] C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84\529C50A800717D320000205BD151FC84.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 11:19:15 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 17:09:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/04/29 09:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
[2012/04/29 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
[2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magellan Content Manager
[2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
[2012/04/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\407 ETR
[2012/04/16 11:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\TD Statements
[2012/04/10 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\MoneyBookers
[2012/04/05 21:57:20 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/04 12:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\9TM Arizona
[2012/04/02 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
[2011/10/21 07:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

========== Files - Modified Within 30 Days ==========

[2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/04/29 13:40:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/29 13:39:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/29 11:28:24 | 000,028,058 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scan Result.jpg
[2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
[2012/04/29 09:42:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 09:40:05 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
[2012/04/29 09:23:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 09:05:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 10:40:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
[2012/04/27 09:10:23 | 000,086,044 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
[2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/23 11:27:28 | 001,249,432 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
[2012/04/23 11:06:17 | 000,036,473 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
[2012/04/15 08:23:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/15 08:23:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/12 03:18:40 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 03:18:40 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/09 11:01:27 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
[2012/04/04 10:51:40 | 000,031,050 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
[2012/04/04 09:47:19 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
[2012/04/04 09:38:31 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2012/04/04 08:50:43 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/29 11:28:20 | 000,028,058 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scan Result.jpg
[2012/04/29 09:43:32 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
[2012/04/27 09:10:21 | 000,086,044 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
[2012/04/23 11:27:24 | 001,249,432 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
[2012/04/23 11:06:15 | 000,036,473 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
[2012/04/20 11:37:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/09 11:01:27 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
[2012/04/05 21:57:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/04 10:51:39 | 000,031,050 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
[2012/04/04 09:47:19 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
[2012/02/15 15:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 11:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2011/12/06 16:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
[2011/12/06 16:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/11/01 08:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011/05/07 17:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/05/06 15:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/06 15:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/06 15:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
[2010/08/22 08:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/06 08:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm

========== LOP Check ==========

[2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
[2012/02/01 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/29 20:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/05/06 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/30 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/03/13 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/04/27 11:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/12/25 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/05/10 06:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
[2008/06/21 20:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/01/11 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2012/02/06 13:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2006/09/11 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/18 00:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2011/12/30 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
[2011/04/27 08:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
[2012/02/07 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\asoftech
[2010/04/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
[2011/05/25 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
[2009/03/02 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
[2011/03/29 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
[2008/01/25 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
[2010/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
[2008/12/09 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
[2011/05/06 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
[2006/06/17 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
[2012/03/13 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
[2008/01/12 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
[2010/10/05 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
[2011/05/09 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
[2011/12/23 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
[2006/10/28 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
[2007/11/15 04:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
[2008/09/16 05:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
[2010/09/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
[2006/12/19 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
[2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job



.

Halton
2012-04-29, 23:34
.



========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/24 22:00:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/29 19:45:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/12/19 20:24:32 | 000,004,688 | RH-- | M] () -- C:\dell.sdr
[2006/09/12 16:42:13 | 000,000,004 | -HS- | M] () -- C:\dllimp_regmsft985
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2006/01/21 16:31:45 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/06/14 13:37:07 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/12/01 18:03:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/10/28 16:11:24 | 000,000,533 | -H-- | M] () -- C:\os062307.bin
[2012/04/29 13:39:36 | 3206,545,408 | -HS- | M] () -- C:\pagefile.sys
[2008/01/12 10:50:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/01/28 19:39:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/01/30 10:18:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/01/30 16:38:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/02/03 12:54:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/02/18 15:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/02/18 20:05:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/02/20 07:47:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/02/28 02:53:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/02/28 03:31:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/03/04 10:34:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/03/04 16:28:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/03/14 18:56:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/03/17 07:24:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/03/18 00:04:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/03/18 00:12:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/01/12 10:50:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/01/28 19:39:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/01/30 10:18:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/01/30 16:38:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/02/03 12:54:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/02/18 15:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/02/18 20:05:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/02/20 07:47:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/02/28 02:53:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/02/28 03:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/03/04 10:34:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/03/04 16:28:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/03/14 18:56:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/03/17 07:24:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/03/18 00:04:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/03/18 00:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 15:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2012/01/16 22:44:49 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2011/10/21 07:37:42 | 004,752,189 | ---- | M] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
[2010/12/01 18:11:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2006/03/21 13:36:31 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk
[2008/10/15 06:26:10 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\PokerStars.net.lnk
[2005/12/19 20:54:15 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk
[2010/12/01 18:11:18 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2004/08/10 15:04:12 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2006/01/25 19:40:57 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
[2006/01/25 19:26:51 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WordPerfect OfficeReady.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-27 15:57:01

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EX_ >
[2004/08/04 07:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012/04/12 05:34:45 | 000,037,846 | ---- | M] () MD5=E177790A11E4E7F88B6F2ADDBE1FA98F -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SC_ >
[2004/08/04 07:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006/03/06 23:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009/02/21 02:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 09:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010/03/27 21:29:28 | 000,153,185 | ---- | M] () MD5=AC06021D4E0B1D4D044EDEFC7BF7E903 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EX_ >
[2004/08/04 07:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2009/06/29 03:25:31 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=02E2754D3E566C11A4934825920C47DD -- C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[2008/12/19 01:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe
[2008/10/15 02:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2007/04/24 10:26:26 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=10BDB55982586A432A3951EB19A26009 -- C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe
[2008/12/19 01:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/08/23 01:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2007/12/06 07:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2007/06/27 04:27:30 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=275CEE268B9E5D82474C43D5D249D111 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2007/08/17 06:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2009/06/29 04:35:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=3CFC56F73D494FC1AA2B6E981DF15ACD -- C:\WINDOWS\ie8\iexplore.exe
[2006/10/17 14:04:40 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=5334D4461AA92A7B008755FE6D13C5F2 -- C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
[2009/12/18 09:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\iexplore.exe
[2007/08/17 06:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 04:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2007/02/21 04:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe
[2007/12/06 04:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2007/01/08 19:08:42 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=93A6A4F5293AE19E3B37021AABCF0902 -- C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe
[2007/04/24 10:20:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=9B3516C1F30DA17ADD3818573047D63C -- C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe
[2008/10/15 03:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2007/06/27 05:16:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=BD8502DFD53FC24FB8D6929DC46B8C2C -- C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
[2009/12/18 03:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
[2009/12/18 03:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\iexplore.exe
[2007/02/28 02:51:34 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=D321092F8529CDAE843D6E24E3CAC6CB -- C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe
[2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 01:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 06:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2006/10/17 14:04:26 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=E83C9C1F9DD9D47BB44871BFC7E69DDD -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012/04/29 09:38:38 | 000,083,058 | ---- | M] () MD5=9B9296F6B5A5C55133BB36F5914DCFA7 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2004/08/04 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: IPSEC.SYS >
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB54679$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences

< End of report >



.

Halton
2012-04-29, 23:36
.




OTL Extras logfile created on: 29/04/2012 5:18:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 84.32% Memory free
4.83 Gb Paging File | 4.73 Gb Available in Paging File | 97.90% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 5.75 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive E: | 7.19 Gb Total Space | 7.19 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" = C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe:*:Enabled:HTC Sync
"C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28938B7C-B11B-49BD-84E4-44C8416D4C07}" = Mobilink Lite
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Auction Client" = Auction Client
"Auto Clicker Asoftech Downloader_is1" = Auto Clicker Asoftech Downloader 1.08
"avast" = avast! Free Antivirus
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
"AviTricks Pro_is1" = AviTricks Pro version 3.10
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CombiMovie (Freeware)_is1" = CombiMovie Version 1.31
"Defraggler" = Defraggler
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Focus Magic_is1" = Focus Magic 3.02
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Monopoly Classic" = Monopoly Classic
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NirSoft IE PassView" = NirSoft IE PassView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars.net" = PokerStars.net
"PrintMaster 8.0" = PrintMaster® Platinum 8.0
"Prism" = Prism Video Converter
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer Basic
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WIND" = WIND
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouConvert Classic (Shareware)_is1" = YouConvert Classic

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smart Fortress 2012" = Smart Fortress 2012

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/03/2012 9:19:50 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/03/2012 2:03:55 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 04/03/2012 2:04:05 AM | Computer Name = DELL | Source = Application Error | ID = 1001
Description = Fault bucket -1992450170.

Error - 05/03/2012 10:20:50 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 05/03/2012 10:22:39 AM | Computer Name = DELL | Source = Application Error | ID = 1001
Description = Fault bucket -1992450170.

Error - 12/03/2012 12:56:25 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/04/2012 4:22:02 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/04/2012 4:51:38 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/04/2012 9:12:03 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module oleaut32.dll, version 5.1.2600.6058, fault address 0x0001a9ba.

Error - 20/04/2012 9:23:17 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module aswwebrepie.dll, version 7.0.1426.0, fault address 0x000146ac.

[ OSession Events ]
Error - 25/10/2009 10:15:24 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:15:50 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:15:57 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:16:25 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/02/2010 9:41:20 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 505
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/04/2012 1:41:28 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 APPDRV aswSnx aswSP aswTdi Fips intelppm

Error - 29/04/2012 1:46:18 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 1:48:13 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 1:48:17 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:08:43 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:10:49 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:11:44 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:12:32 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:14:59 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29/04/2012 5:20:37 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >




.
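As an added defender's triage aid (not part of this thread, and not code from OTL, ComboFix or any other tool mentioned here), the following Python check reads the Shell Spawning section of an OTL Extras log such as the one posted above and flags any executable-class command that departs from the stock `"%1" %*` template or reads back as a registry error. The sample log embedded below is constructed from the posted entries, with one hypothetical hijacked exefile entry added so that a flagged line is shown.

```python
"""Audit the 'Shell Spawning' section of an OTL Extras log.

A rogue program that wants to run ahead of every executable typically
rewrites the shell\open\command value for exefile (and sometimes the
other executable classes).  OTL prints those values, so comparing them
with the stock templates is a quick triage step.
"""
import re

# Stock XP command templates for the executable classes OTL lists.
# These are exactly the values OTL printed in the clean log above.
KNOWN_GOOD = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "========== Name =========="
ENTRY_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*)$")  # "exefile [open] -- cmd"


def shell_spawning_entries(log_text):
    """Yield (file_class, verb, command) for each entry in the Shell Spawning section."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).strip() == "Shell Spawning"
            continue
        if not in_section:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            yield entry.group(1), entry.group(2), entry.group(3)


def audit_shell_spawning(log_text):
    """Return a list of (file_class, verb, command, reason) findings.

    A command is flagged when OTL could not read the key ("Reg Error")
    or when it differs from the stock template for that class/verb.
    Classes not in KNOWN_GOOD (Directory, Folder, Unknown, ...) are skipped.
    """
    findings = []
    for file_class, verb, command in shell_spawning_entries(log_text):
        expected = KNOWN_GOOD.get((file_class, verb))
        if command.startswith("Reg Error"):
            findings.append((file_class, verb, command, "key missing or unreadable"))
        elif expected is not None and command != expected:
            findings.append((file_class, verb, command, f"expected {expected}"))
    return findings


# Constructed sample: the posted entries plus one hypothetical hijacked
# exefile command (placeholder path, not a real file from the thread).
SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\ROGUE_PLACEHOLDER.exe" -a "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
"""

# The same log with the hijacked line restored to the stock template.
CLEAN_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "C:\\Documents and Settings\\user\\Local Settings'
    '\\Application Data\\ROGUE_PLACEHOLDER.exe" -a "%1" %*',
    'exefile [open] -- "%1" %*',
)

if __name__ == "__main__":
    for file_class, verb, command, reason in audit_shell_spawning(SAMPLE_LOG):
        print(f"{file_class} [{verb}] -- {command}  <-- {reason}")
```

On the posted log itself this only reports the two "Reg Error" entries (regfile and txtfile), which is why the helper could move on to ComboFix rather than repairing the exe association first.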

Halton
2012-04-29, 23:39
.



Also......just an FYI.....I have the internet unplugged from the infected laptop.



.

oldman960
2012-04-30, 13:19
Hi Halton,

A little confused here. Is the infected computer capable of connecting with the internet in normal Windows? If you had the cable unplugged it would explain why FSS could not ping Google when everything else seemed to be ok.

Halton
2012-04-30, 14:29
.



Hello......here is the lowdown..... :)

Initially, when Avast started with the warnings and the Trojan installed, a pop-up briefly appeared.

It said something about disabling the internet connection.....and then quickly disappeared.

When I restarted.......the Smart Fortress began its bogus scan.

Now, currently in Safe Mode.....when I plug in my 3G WIND Mobile Internet stick.....nothing launches.......normally it would.

It usually would load an "F" drive......which is the 3G stick itself

It would also load a "G" drive......which is the "removable disk" built in.

Not sure if this is a product of being in Safe Mode......even though it is "Safe Mode with Networking"

Or.......it is the Trojan that is not allowing it to execute.

But.......I did not try to launch the internet in normal mode because of the Trojan.



.

oldman960
2012-04-30, 14:56
Hi

That would most likely be due to being in Safe Mode. Only the basic Windows drivers/services are loaded and nothing from the autostart locations. You will notice your Security Programs are running.

This tool is very good in removing the infection you have. It works best in Normal windows.

Please read through these instructions to familiarize yourself with what to expect when this tool runs


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Halton
2012-04-30, 17:14
.


Downloaded ComboFix to the flash drive and then ran it on the infected machine.

Could only do it in Safe Mode as the "Smart Fortress" takes over in Normal Mode.

Pop-up warned of Antivirus running.....couldn't disable in Safe Mode.

ComboFix appeared to do its thing and found some stuff and then requested a re-start.

Clicked ok......then "Windows is shutting down" appeared as normal.

But.....it is now stuck (hung) on that window....for more than a half hour now.



.

oldman960
2012-04-30, 18:23
Hi Halton,

Restart your computer in Safe Mode. Let it run for a bit, combofix may finish. If not rerun it.

Halton
2012-04-30, 19:16
.


Hello.....re-started in Safe Mode.....ComboFix then scanned on its own.

Went through its processes and deletions and re-started in Normal mode.

My WIND Mobile Internet "exe" got caught up in the deletions.

So I uninstalled it all and then re-installed it fresh.....back online.....now posting from the infected machine.

Here is the ComboFix log..........

--------------------------------------------------------------------------


ComboFix 12-04-31.02 - Gooderham 30/04/2012 12:32:50.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1759 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus 7.1.405 *Enabled/Updated* {41564737-3200-1071-989B-0000E87B4FB1}
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\WIND\WIND.exe
c:\windows\$NtUninstallKB54679$
c:\windows\$NtUninstallKB54679$\1605208634\@
c:\windows\$NtUninstallKB54679$\1605208634\cfg.ini
c:\windows\$NtUninstallKB54679$\1605208634\Desktop.ini
c:\windows\$NtUninstallKB54679$\1605208634\L\odetmngk
c:\windows\$NtUninstallKB54679$\1605208634\U\00000001.$
c:\windows\$NtUninstallKB54679$\1605208634\U\00000002.$
c:\windows\$NtUninstallKB54679$\1605208634\U\00000004.$
c:\windows\$NtUninstallKB54679$\1605208634\U\80000000.$
c:\windows\$NtUninstallKB54679$\1605208634\U\80000004.$
c:\windows\$NtUninstallKB54679$\1605208634\U\80000032.$
c:\windows\$NtUninstallKB54679$\2567209568
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 14:48 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-29 13:49 . 2012-04-29 13:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-29 13:39 . 2012-04-29 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\529C50A800717D320000205BD151FC84
2012-04-27 15:56 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BF1BFAF0-5468-4D23-8D27-5194D2AFCBFF}\mpengine.dll
2012-04-26 14:42 . 2012-04-26 14:44 -------- d-----w- c:\program files\Content Manager
2012-04-06 01:57 . 2012-04-15 12:23 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 20:04 . 2012-04-02 20:23 -------- d-----w- c:\program files\Ghost Mouse Auto Clicker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 12:23 . 2011-05-25 18:38 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2006-05-04 10:00 6734704 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-06 23:15 . 2012-02-01 16:07 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-02-01 16:07 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-02-01 16:07 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-02-01 16:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-01 16:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-02-01 16:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-02-01 16:07 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2012-02-01 16:07 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2012-02-01 16:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2012-02-01 16:07 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2009-10-07 16:09 237072 -c----w- c:\windows\system32\MpSigStub.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-10-21 11:37 . 2011-10-21 11:37 4752189 -c--a-w- c:\program files\exiftool(-k).exe
2012-04-20 15:37 . 2012-04-20 15:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Gooderham.LAPTOP\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HP SimpleSave Monitor.lnk - c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe [2012-1-6 477080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-19 24576]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2007-4-1 327680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/02/2012 12:07 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/02/2012 12:07 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/02/2012 12:07 PM 20696]
R2 BackupService;BackupService;c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [06/01/2012 11:15 AM 83512]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14/03/2011 11:27 AM 271712]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 10:11 AM 65856]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [29/01/2012 8:06 PM 73216]
S2 gupdate1c9d47de932459a;Google Update Service (gupdate1c9d47de932459a);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 6:22 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 9:57 PM 253088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [29/01/2012 8:06 PM 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [29/01/2012 8:06 PM 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [29/01/2012 8:06 PM 235392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 6:22 AM 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29/04/2012 9:49 AM 40776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:23]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
- c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
- c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
.
2012-04-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {4B48D5DF-9021-45F7-A240-60304302A215}
FF - ProfilePath - c:\documents and settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?st=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Mobile Partner - c:\program files\WIND\WIND.exe
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2012-04-30 12:52:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 16:52
.
Pre-Run: 6,023,593,984 bytes free
Post-Run: 3,906,338,816 bytes free
.
- - End Of File - - A70B8F9D3528744F4F3E31013D479529



.

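Added example (not from the thread, not part of ComboFix or the helper's own procedure): a small Python triage script for the service ("Rn/Sn name;display;path [date size]") and Run-key ('"name"="path" [date size]') line formats that appear in the ComboFix log above. It flags entries whose image lives under a user-profile or Temp directory, and entries ComboFix marks with [?] because the file is no longer on disk. The sample lines are constructed to mimic the log; the "Updater" / example_dropper.exe entry is a made-up placeholder. A flag means "look closer", not "malicious": the HP SimpleSave service in Application Data is a legitimate program that simply installs there.

```python
import re

# Constructed sample lines in the layout ComboFix uses for its service list
# ("Rn/Sn name;display;path [date size]") and for Run-key entries
# ('"name"="path" [date size]'). Modelled on the log above; the "Updater"
# entry and example_dropper.exe are placeholders, not from the log.
SAMPLE_LINES = r"""
R2 BackupService;BackupService;c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [06/01/2012 11:15 AM 83512]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 10:11 AM 65856]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
"Updater"="c:\documents and settings\User\Local Settings\Temp\example_dropper.exe" [2012-04-29 12345]
"""

# Service line: start-type, short name, display name, image path, bracketed metadata.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
# Run-key line: value name, image path, bracketed metadata.
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]$')

# Locations a standard user can write to on XP; autoruns from here deserve a second look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def flags_for(path: str, meta: str) -> list:
    """Return the review flags for one image path, in a fixed order."""
    p = path.lower()
    flags = []
    if meta.strip() == "?":  # ComboFix prints [?] when the file is not on disk
        flags.append("file missing")
    if any(m in p for m in USER_PROFILE_MARKERS):
        flags.append("user-profile path")
    if any(m in p for m in TEMP_MARKERS):
        flags.append("temp directory")
    return flags


def parse_line(line: str):
    """Parse one service or Run-key line; return a dict, or None for any other line."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        state, name, display, path, meta = m.groups()
        # Missing files are printed as "path --> path"; keep the first copy.
        path = path.split(" --> ")[0]
        return {"kind": "service", "state": state, "name": name,
                "display": display, "path": path, "meta": meta}
    m = RUN_RE.match(line)
    if m:
        name, path, meta = m.groups()
        return {"kind": "run", "state": "", "name": name,
                "display": name, "path": path, "meta": meta}
    return None


def triage(text: str) -> list:
    """Parse every recognised line of a ComboFix-style listing and attach review flags."""
    entries = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        entry["flags"] = flags_for(entry["path"], entry["meta"])
        entries.append(entry)
    return entries


def needs_review(text: str) -> list:
    """Names of entries carrying at least one flag, in log order."""
    return [e["name"] for e in triage(text) if e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        mark = ", ".join(e["flags"]) or "ok"
        print(f'{e["kind"]:7} {e["name"]:14} {mark:36} {e["path"]}')
```

Run it as-is to see the sample lines classified, or feed the real log text to triage() in place of SAMPLE_LINES. The path heuristics are deliberately coarse: they reproduce the "location" reasoning oldman960 mentions above and are meant to shortlist entries for a human reviewer, not to decide what gets deleted.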
Halton
2012-04-30, 19:22
.


P.S.

Smart Fortress didn't autorun but is still on my desktop and in my programs list.


.

oldman960
2012-05-01, 02:34
Hi Halton,

Wind.exe was targeted because of the location.

Please rescan with OTL and we'll clean up the left overs. This time check the box beside "scan all users" and click Quick Scan. There will only be an OTL.txt this time.

Halton
2012-05-01, 03:14
.


Hello......here is the new OTL scan

--------------------------------------------------------------------

OTL logfile created on: 30/04/2012 8:59:05 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.97% Memory free
4.83 Gb Paging File | 4.54 Gb Available in Paging File | 93.94% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 3.32 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
Drive F: | 35.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
PRC - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
PRC - [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
PRC - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/30 14:00:32 | 001,771,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12043001\algo.dll
MOD - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
MOD - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
MOD - [2012/04/30 12:57:50 | 000,185,856 | ---- | M] () -- C:\Program Files\WIND\XFramePlugin.dll
MOD - [2012/04/30 12:57:50 | 000,159,232 | ---- | M] () -- C:\Program Files\WIND\XCodec.dll
MOD - [2012/04/30 12:57:50 | 000,142,336 | ---- | M] () -- C:\Program Files\WIND\USSDSrvPlugin.dll
MOD - [2012/04/30 12:57:50 | 000,135,168 | ---- | M] () -- C:\Program Files\WIND\Trace.dll
MOD - [2012/04/30 12:57:50 | 000,106,496 | ---- | M] () -- C:\Program Files\WIND\Win7Support.dll
MOD - [2012/04/30 12:57:49 | 001,148,416 | ---- | M] () -- C:\Program Files\WIND\QtNetwork4.dll
MOD - [2012/04/30 12:57:49 | 000,781,824 | ---- | M] () -- C:\Program Files\WIND\SMSUIPlugin.dll
MOD - [2012/04/30 12:57:49 | 000,670,720 | ---- | M] () -- C:\Program Files\WIND\SmsAppPlugin.dll
MOD - [2012/04/30 12:57:49 | 000,370,176 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qtiff4.dll
MOD - [2012/04/30 12:57:49 | 000,320,512 | ---- | M] () -- C:\Program Files\WIND\StatusBarMgrPlugin.dll
MOD - [2012/04/30 12:57:49 | 000,258,560 | ---- | M] () -- C:\Program Files\WIND\sdk.dll
MOD - [2012/04/30 12:57:49 | 000,229,376 | ---- | M] () -- C:\Program Files\WIND\ToolBarMgrPlugin.dll
MOD - [2012/04/30 12:57:49 | 000,217,600 | ---- | M] () -- C:\Program Files\WIND\SmsSrvPlugin.dll
MOD - [2012/04/30 12:57:49 | 000,156,672 | ---- | M] () -- C:\Program Files\WIND\STKSrvPlugin.dll
MOD - [2012/04/30 12:57:48 | 009,515,520 | ---- | M] () -- C:\Program Files\WIND\QtGui4.dll
MOD - [2012/04/30 12:57:46 | 002,415,104 | ---- | M] () -- C:\Program Files\WIND\QtCore4.dll
MOD - [2012/04/30 12:57:46 | 000,545,280 | ---- | M] () -- C:\Program Files\WIND\PluginContainer.dll
MOD - [2012/04/30 12:57:46 | 000,379,392 | ---- | M] () -- C:\Program Files\WIND\Proxy.dll
MOD - [2012/04/30 12:57:46 | 000,350,720 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qmng4.dll
MOD - [2012/04/30 12:57:46 | 000,225,280 | ---- | M] () -- C:\Program Files\WIND\NetSrvPlugin.dll
MOD - [2012/04/30 12:57:46 | 000,192,000 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qjpeg4.dll
MOD - [2012/04/30 12:57:46 | 000,133,120 | ---- | M] () -- C:\Program Files\WIND\OSDialup.dll
MOD - [2012/04/30 12:57:46 | 000,131,072 | ---- | M] () -- C:\Program Files\WIND\OSNDIS.dll
MOD - [2012/04/30 12:57:46 | 000,101,376 | ---- | M] () -- C:\Program Files\WIND\OSAdapt.dll
MOD - [2012/04/30 12:57:46 | 000,093,184 | ---- | M] () -- C:\Program Files\WIND\NotifyServicePlugin.dll
MOD - [2012/04/30 12:57:46 | 000,082,944 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qgif4.dll
MOD - [2012/04/30 12:57:46 | 000,081,920 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qico4.dll
MOD - [2012/04/30 12:57:46 | 000,065,536 | ---- | M] () -- C:\Program Files\WIND\OSPowerMgr.dll
MOD - [2012/04/30 12:57:46 | 000,062,976 | ---- | M] () -- C:\Program Files\WIND\OSCall.dll
MOD - [2012/04/30 12:57:45 | 001,101,824 | ---- | M] () -- C:\Program Files\WIND\NDISAPI.dll
MOD - [2012/04/30 12:57:45 | 000,449,536 | ---- | M] () -- C:\Program Files\WIND\NetInfoUIExPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,331,776 | ---- | M] () -- C:\Program Files\WIND\NetConnectPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,275,456 | ---- | M] () -- C:\Program Files\WIND\NetInfoSrvPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,269,824 | ---- | M] () -- C:\Program Files\WIND\LiveUpdateInterface.dll
MOD - [2012/04/30 12:57:45 | 000,245,760 | ---- | M] () -- C:\Program Files\WIND\MenuMgrPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,179,712 | ---- | M] () -- C:\Program Files\WIND\NDISPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,158,720 | ---- | M] () -- C:\Program Files\WIND\NetConnectSrvPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,117,760 | ---- | M] () -- C:\Program Files\WIND\LayoutPlugin.dll
MOD - [2012/04/30 12:57:45 | 000,043,008 | ---- | M] () -- C:\Program Files\WIND\libgcc_s_dw2-1.dll
MOD - [2012/04/30 12:57:45 | 000,011,362 | ---- | M] () -- C:\Program Files\WIND\mingwm10.dll
MOD - [2012/04/30 12:57:44 | 000,495,104 | ---- | M] () -- C:\Program Files\WIND\DeviceMgrUIPlugin.dll
MOD - [2012/04/30 12:57:44 | 000,414,720 | ---- | M] () -- C:\Program Files\WIND\DialupUIPlugin.dll
MOD - [2012/04/30 12:57:44 | 000,356,352 | ---- | M] () -- C:\Program Files\WIND\core.dll
MOD - [2012/04/30 12:57:44 | 000,337,408 | ---- | M] () -- C:\Program Files\WIND\DeviceAppPlugin.dll
MOD - [2012/04/30 12:57:44 | 000,300,544 | ---- | M] () -- C:\Program Files\WIND\DeviceSrvPlugin.dll
MOD - [2012/04/30 12:57:44 | 000,218,112 | ---- | M] () -- C:\Program Files\WIND\Common.dll
MOD - [2012/04/30 12:57:44 | 000,211,456 | ---- | M] () -- C:\Program Files\WIND\DialUpPlugin.dll
MOD - [2012/04/30 12:57:44 | 000,157,184 | ---- | M] () -- C:\Program Files\WIND\DataServicePlugin.dll
MOD - [2012/04/30 12:57:43 | 000,547,840 | ---- | M] () -- C:\Program Files\WIND\CallLogSrvPlugin.dll
MOD - [2012/04/30 12:57:43 | 000,175,104 | ---- | M] () -- C:\Program Files\WIND\CallSrvPlugin.dll
MOD - [2012/04/30 12:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\WIND\AddrBookPlugin.dll
MOD - [2012/04/30 12:57:42 | 000,739,840 | ---- | M] () -- C:\Program Files\WIND\AddrBookUIPlugin.dll
MOD - [2012/04/30 12:57:42 | 000,550,400 | ---- | M] () -- C:\Program Files\WIND\CallAppPlugin.dll
MOD - [2012/04/30 12:57:42 | 000,264,704 | ---- | M] () -- C:\Program Files\WIND\AddrBookSrvPlugin.dll
MOD - [2012/04/30 12:57:42 | 000,238,592 | ---- | M] () -- C:\Program Files\WIND\AtCodec.dll
MOD - [2012/04/30 12:57:42 | 000,123,392 | ---- | M] () -- C:\Program Files\WIND\ATR2SMgr.dll
MOD - [2011/12/30 15:51:11 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtNetwork4.dll
MOD - [2011/12/30 15:51:11 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtXml4.dll
MOD - [2011/12/30 15:51:11 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QueryStrategy.dll
MOD - [2011/12/30 15:51:10 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtCore4.dll
MOD - [2011/12/30 15:51:09 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2011/12/30 15:51:09 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\mingwm10.dll
MOD - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
MOD - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001/10/29 02:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WIND\UpdateDog\ouc.exe -- (WIND. RunOuc)
SRV - [2012/04/15 08:23:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\GOODER~1.LAP\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\System32\drivers\dwshd.sys -- (dwshd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/10/03 08:25:03 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/10/03 08:24:33 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/10/03 08:24:01 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2010/10/03 08:18:32 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/09/16 15:18:32 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/19 20:46:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{995F004B-3A93-445F-9A34-4E2521724E49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 17:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/20 11:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/20 11:37:35 | 000,000,000 | ---D | M]

[2011/02/16 01:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
[2009/08/09 20:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/27 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
[2012/01/09 08:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/24 13:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/03/28 12:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
[2011/02/16 01:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 11:37:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/29 15:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/04/20 11:37:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 11:37:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/30 12:44:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 11:19:15 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE}: NameServer = 74.115.197.69 74.115.197.68
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/16 11:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/30 13:53:56 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 20:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scans
[2012/04/30 16:03:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/30 12:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WIND
[2012/04/30 12:58:20 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/04/30 12:58:20 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/04/30 12:58:20 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/04/30 12:58:20 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/04/30 12:58:19 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/04/30 12:58:19 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/04/30 12:58:19 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/04/30 12:58:19 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/04/30 12:58:19 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/04/30 12:58:19 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/04/30 12:58:19 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/04/30 12:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/30 12:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/30 10:45:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/30 10:45:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/30 10:45:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/30 10:45:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/30 10:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/29 17:09:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/04/29 09:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
[2012/04/29 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
[2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magellan Content Manager
[2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
[2012/04/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\407 ETR
[2012/04/16 11:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\TD Statements
[2012/04/10 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\MoneyBookers
[2012/04/04 12:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\9TM Arizona
[2012/04/02 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
[2011/10/21 07:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

========== Files - Modified Within 30 Days ==========

[2012/04/30 21:05:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 20:40:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
[2012/04/30 20:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 19:48:28 | 000,017,172 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
[2012/04/30 12:59:05 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
[2012/04/30 12:57:52 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/04/30 12:57:52 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/04/30 12:57:52 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/04/30 12:57:52 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/04/30 12:57:51 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/04/30 12:57:51 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/04/30 12:44:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 12:44:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 12:43:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 12:43:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 12:43:04 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
[2012/04/27 10:40:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
[2012/04/27 09:10:23 | 000,086,044 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
[2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/23 11:27:28 | 001,249,432 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
[2012/04/23 11:06:17 | 000,036,473 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
[2012/04/12 03:18:40 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 03:18:40 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/09 11:01:27 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
[2012/04/04 10:51:40 | 000,031,050 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
[2012/04/04 09:47:19 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
[2012/04/04 09:38:31 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2012/04/04 08:50:43 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/30 19:48:26 | 000,017,172 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
[2012/04/30 12:59:05 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
[2012/04/30 12:43:04 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/30 10:45:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 10:45:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 10:45:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 10:45:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 10:45:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/29 09:43:32 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
[2012/04/27 09:10:21 | 000,086,044 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
[2012/04/23 11:27:24 | 001,249,432 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
[2012/04/23 11:06:15 | 000,036,473 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
[2012/04/20 11:37:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/09 11:01:27 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
[2012/04/05 21:57:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/04 10:51:39 | 000,031,050 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
[2012/04/04 09:47:19 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
[2012/02/15 15:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 11:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2011/12/06 16:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
[2011/12/06 16:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/11/01 08:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011/05/07 17:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/05/06 15:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/06 15:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/06 15:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
[2010/08/22 08:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/06 08:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm

========== LOP Check ==========

[2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
[2012/02/01 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/30 13:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/05/06 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/30 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/03/13 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/04/27 11:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/12/25 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/05/10 06:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
[2008/06/21 20:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/01/11 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2012/02/06 13:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2006/09/11 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/18 00:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2011/12/30 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
[2011/04/27 08:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
[2012/02/07 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\asoftech
[2010/04/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
[2011/05/25 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
[2009/03/02 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
[2011/03/29 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
[2008/01/25 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
[2010/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
[2008/12/09 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
[2011/05/06 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
[2006/06/17 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
[2012/03/13 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
[2008/01/12 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
[2010/10/05 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
[2011/05/09 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
[2011/12/23 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
[2006/10/28 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
[2007/11/15 04:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
[2008/09/16 05:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
[2010/09/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
[2006/12/19 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
[2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >




oldman960
2012-05-01, 09:56
Hi Halton,

Your java is out of date. Click your start button, open Control panel.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now
Decline any Toolbars that may be offered during the update.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
[2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
[2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk

:Files
dir "C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84" /s /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back with
OTL fix log
MBAM log
Any problems?

Halton
2012-05-01, 14:51


Hello.......Java updated as requested......OTL fix applied.

MBAM updated and scanned......found 3 objects.

During the scan.....Avast fired a couple of warnings when MBAM found the threats......see attached screen shot.

Also.....when I was doing some test browsing this pop-up appeared when on Youtube.....see attached.

Never seen it before.....wasn't sure so I just closed it (X)

Here are the reports.......

-------------------------------------------------------------------------

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012 folder moved successfully.
C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk moved successfully.
========== FILES ==========
< dir "C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84" /s /c >
Volume in drive C has no label.
Volume Serial Number is F49E-B697
Directory of C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
29/04/2012 09:39 AM <DIR> .
29/04/2012 09:39 AM <DIR> ..
30/04/2012 10:33 AM 328 529C50A800717D320000205BD151FC84
29/04/2012 09:39 AM 425,984 529C50A800717D320000205BD151FC84.exe
2 File(s) 426,312 bytes
Total Files Listed:
2 File(s) 426,312 bytes
2 Dir(s) 3,472,560,128 bytes free
C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gooderham.LAPTOP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Administrator.LAPTOP.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Gooderham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gooderham.LAPTOP
->Temp folder emptied: 83852143 bytes
->Temporary Internet Files folder emptied: 4246349 bytes
->Java cache emptied: 144353 bytes
->FireFox cache emptied: 54038554 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 87619 bytes

User: GOODER~1~LAP

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3072054 bytes

Total Files Cleaned = 139.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.2 log created on 05012012_075706

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\hsperfdata_Gooderham\3796 not found!
File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3A2C.tmp not found!
File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3A62.tmp not found!
File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3B8E.tmp not found!
File\Folder C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temp\~DF3BE3.tmp not found!
C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\EBMITVC7\showthread[1].htm moved successfully.
C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


--------------------------------------------------------------------------
--------------------------------------------------------------------------


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gooderham :: DELL [administrator]

01/05/2012 8:11:57 AM
mbam-log-2012-05-01 (08-11-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261929
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\documents and settings\all users\application data\529c50a800717d320000205bd151fc84\529c50a800717d320000205bd151fc84.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\documents and settings\gooderham.laptop\local settings\temp\_avast_\unp45314377.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)




oldman960
2012-05-01, 17:11
Hi Halton,

Both of those popups are valid and ok. The one from avast is it detecting the file while MBAM was opening it and removing it. This happens from time to time as the av will "read" the file at the same time as another security program does. Either way the file has been removed.

The second is a popup from windows which is normally enabled by default. Web sites can be comprised of secure and insecure pages. This is windows warning you that you are leaving or entering a secure site. One of the tools we used just restored the setting to default. If you don't want to see it just check the box beside "In the future, don't show this warning".

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.
Please post the ESET log if there is one. Any problems?

Halton
2012-05-01, 21:45



Hello......here is the ESET scan

-------------------------------------------------------------------------

C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan





Halton
2012-05-02, 16:35


Hello......updated MBAM again this morning......scan results below.

Avast fired a few times during the scan and grabbed some more.....see attached screen capture.

------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gooderham :: DELL [administrator]

02/05/2012 8:19:48 AM
mbam-log-2012-05-02 (08-19-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333454
Time elapsed: 1 hour(s), 53 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp33\a0008867.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)




oldman960
2012-05-02, 17:46
Hi Halton,

The Eset detections for the most part are warning you of a Potentially Unwanted Program, Uniblue. See HERE (http://forums.spybot.info/showthread.php?t=30113) for more information on these types of programs.

I can't see where the first detections in the screenshot are but they are temporary files. There is also no date but if the list is chronological those are old detections and were removed when we emptied the temp files.

From the first MBAM scan:

Files Detected: 2
c:\documents and settings\all users\application data\529c50a800717d320000205bd151fc84\529c50a800717d320000205bd151fc84.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\documents and settings\gooderham.laptop\local settings\temp\_avast_\unp45314377.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
The 5th and 6th look like the ones Avast removed during the first MBAM scan.

Starting with C:\Qoobox\Quarantine, those are files we have quarantined or are in System Restore points. The MBAM detection is also in a System Restore point. These are harmless unless you restore to that point. They will be removed when the tools are removed.

We'll remove the tools now. Once the tools are removed System Restore will be reset and the quarantined files removed.

From your desktop, please delete, if present
any notepads/logs that we created
Farbar Service Scanner



Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK

Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.

Updates and upgrades

Adobe Acrobat - Reader 6.0.2 Update This is very old and vulnerable. You don't need it as you have FoxIt Reader. I suggest you uninstall Adobe Acrobat - Reader 6.0.2 Update

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall and antispyware to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL (http://www.bleepingcomputer.com/forums/tutorial60.html) for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

For a resident antispyware program you could use Spybot (http://www.safer-networking.org/en/download/) (scroll down) It can also be used to install a Custom Hosts file.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.



-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) (using Internet Explorer) and download and install all critical updates on a regular basis


- Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System > Automatic Updates tab


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care
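
An added example, not part of this thread or of any tool mentioned in it: a short Python parser for the MBAM and ESET detection lines quoted above. It sorts each hit into the buckets the reasoning in this thread implies (live file, registry key, System Restore point, Qoobox quarantine, Avast temp unpack file, ESET "application" = PUP), so that only the entries pointing at a live infection are left to act on. The two line formats are taken from the logs posted here; the bucket names and the sample log are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: detection lines copied from the MBAM and ESET logs in
# this thread, with a couple of non-detection lines mixed in to show they are skipped.
SAMPLE_LOG = r"""
Files Detected: 2
c:\documents and settings\all users\application data\529c50a800717d320000205bd151fc84\529c50a800717d320000205bd151fc84.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp33\a0008867.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\documents and settings\gooderham.laptop\local settings\temp\_avast_\unp45314377.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
(end)
"""

# MBAM: "<path> (<threat name>) -> <action>."    ESET: "<path> <threat name> <kind>"
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<name>\S+/\S+) (?P<kind>\w+)$")

@dataclass
class Detection:
    scanner: str    # "mbam" or "eset"
    path: str       # file path or registry key exactly as printed in the log
    name: str       # the scanner's threat name
    location: str   # bucket from classify_path()
    pup: bool       # ESET reports PUPs with kind "application"

def classify_path(path: str) -> str:
    """Bucket a detection by where it lives: quarantine folders and System
    Restore points are inert unless restored, and a file under Avast's _avast_
    temp folder is the AV unpacking a file another scanner was already removing."""
    p = path.lower()
    if p.startswith(("hkcu\\", "hklm\\", "hku\\", "hkcr\\")):
        return "registry"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\_avast_\\" in p:
        return "av-temp"
    return "live"

def parse_line(line: str) -> Optional[Detection]:
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return Detection("mbam", m["path"], m["name"], classify_path(m["path"]), False)
    m = ESET_RE.match(line)
    if m:
        return Detection("eset", m["path"], m["name"], classify_path(m["path"]),
                         m["kind"].lower() == "application")
    return None   # headers, counts, "(end)" and similar lines are not detections

def parse_log(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]

def summarize(dets: List[Detection]) -> dict:
    """Count detections per location bucket."""
    return dict(Counter(d.location for d in dets))

def active_threats(dets: List[Detection]) -> List[Detection]:
    """Detections that point at a live infection rather than leftovers or PUPs."""
    return [d for d in dets if d.location in ("live", "registry") and not d.pup]
```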

Halton
2012-05-03, 16:02



Done.....done.....and done...... :cool:

I did the Hosts File thingy and the DNS disable.....I assume it's running.

All seems to be well......Thanks for the help.

Best Regards




oldman960
2012-05-04, 17:08
Hi Halton,

You are more than welcome.

Take care, keep safe.

oldman960
2012-05-05, 15:49
Since this issue appears to be resolved ... this Topic has been closed.